tags:

views:

673

answers:

2
Q: 

Looking for a secure SVN remote update post-commit hook

I am using a development, staging, production server environment with some other developers.

Right now we make changes, test them on our dev server(personal computer) then once we are happy with the changes and want to show them to the client or internal review we commit the changes to repository and update the staging server's working copy via samba(tortoiseSVN) or ssh.

This gets really tedious and repetitive. I am looking to have an post-commit hook update the remote staging server but the only options seem to involve hard coding a user creds in the hook for SSH or creating a network mount with a user account. Is there a way to pass the user authentication from the initial commit to the staging server to update or any other suggestions?

Other setup solutions welcome.

+1  A: 

Did you consider using an automated system like CruiseControl (http://cruisecontrol.sourceforge.net/) on your staging server?

CruiseControl can be configured to check if there are new checkins and then start a build (that usually does a checkout as it's first step).

You can even monitor different branches and do automated integration and release builds depending which branch got changes checked in.

We use that idiom very sucessfully here for our automated builds.

lothar  2009-04-03 22:54:11
Thanks for the suggestion I will keep that in mind. It may be a bit much due to no build/test parts to our process and I was hoping to do an svn update so that less files have to pass across the servers and the people reviewing the staging server would get more instant results after our commit
joelpittet  2009-04-03 23:47:00
+3  A: 

If you are worried about hard-coding user SSH credentials into your script, you can create an SSH keypair without a password. On the destination machine, you will want to restrict that keypair to only run Subversion by adding

command="/path/to/svnserve -t"

to the front of the SSH authorized keys file, like:

command="/usr/bin/svnserve -t" ssh-dss <key text>

Modify your hook script to use this key for login, and you will have (slightly) more security than a traditional no-password SSH key.

Tim Whitcomb  2009-04-03 23:41:29

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?